漏洞描述
在Java端%c0%ae解析为삮,最后转义为ASCCII低字符. ,通过这个方法可以绕过目录保护读取包配置文件信息。
JAVA安全模式绕过导致任意文件读取漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2017-12149: Java/Jboss Deserialization [RCE] POC
2025-09-01 | Java JbossIn Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was foun... -
javamelody-detect: JavaMelody Monitoring Exposed POC
2025-09-01 | JavaMelodyJavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments.... -
CVE-2013-3827: Javafaces LFI POC
2025-08-01 | JavafacesAn Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
LemonLDAP::NG 操作系统命令注入漏洞 无POC
2025-09-20 00:03:21 | LemonLDAP::NGLemonLDAP::NG是LemonLDAP::NG开源的一套Web单点登录和访问管理软件。 LemonLDAP::NG 2.16.7之前版本和2.17版本至2.21.3之前版本存在操作系统命令注入...